Here you'll find the latest updates, news and most relevant events on technology!
Stay on top of the main events, innovations and trends in the market, as well as updates on projects and initiatives.
Follow us so you don’t miss any news!
When most security teams think about insider risk, they immediately picture the malicious actor: the disgruntled employee downloading a customer list before quitting, or the rogue developer leaking source code to a competitor. Those scenarios are real and dangerous, but while malicious insider activity gets the most attention, the greater and more persistent risk comes from well-intentioned employees whose routine actions and blind spots accidentally put sensitive data at risk — often without anyone realizing it.
Insider risk isn’t just about intent. It’s about context, access, and misaligned incentives. And while most organizations think they have “good policies” in place, the real risk lives in the space between written rules and lived behaviors. That’s where visibility gaps emerge and where insider threats thrive.
In this post, we’ll break down the lesser-known, but incredibly common, insider risk gaps that organizations tend to overlook. If your insider risk program feels solid on paper, consider this a reality check. What follows isn’t about bad actors or headline-worthy breaches, but the everyday patterns of work that quietly create exposure long before anyone realizes it.
Offboarding: The Soft Underbelly of Insider Risk
Let’s start with one of the most obvious, but least consistently executed, vulnerabilities: employee offboarding. Many companies don’t immediately revoke access when someone leaves. Maybe HR notifies IT a day late. Maybe it’s a slow Friday and the admin queue doesn’t get touched until Monday. Maybe a contractor wraps up a project and their credentials just fall through the cracks.
Even a short delay gives an insider the window they need to exfiltrate critical files, scrape email threads, or clone repositories. And in hybrid environments where employees can work from anywhere, it’s not like they need to be in the office to execute their plan.
The issue here isn’t just technical, it’s procedural. Offboarding often relies on a chain of handoffs across teams, tools, and systems that aren’t designed to stay perfectly in sync. Without centralized visibility, security teams are left assuming access has been revoked without being able to confirm that it truly has everywhere it matters.
Role Creep: When Access Expands but Never Contracts
It happens all the time. An employee gets temporary access to a sensitive system or dataset for a project. The project ends. But no one ever removes the access.
Multiply that across dozens of projects, hundreds of users, and years of growth, and you end up with role creep — users accumulating access they no longer need, often to data that’s far outside their current responsibilities.
Over time, this creates a bloated, over-permissioned environment where a single compromised or malicious insider has reached far beyond what their job should allow. The scariest part? Most companies have no easy way to map access patterns against actual job function. It’s not just about who can access sensitive data. It’s about who should.
Role creep doesn’t turn employees malicious. It turns ordinary trust into latent risk by quietly handing out more access than anyone intended.
Cloud Collaboration Tools: The Unseen Exit Route
Not long ago, collaboration was relatively contained. Files lived on shared servers. Documents moved through email. Infrastructure teams had clear control over where data went and how it was shared.
Today, that model is gone. Slack, Google Drive, Dropbox, Notion, and GitHub are the lifeblood of modern work, and they’ve fundamentally changed how information moves inside organizations. Not because they’re insecure, but because data now flows freely across tools and users in ways most teams struggle to fully monitor.
Security teams often don’t have deep visibility into what users are doing in these tools. Sensitive files can be shared with personal accounts, exposed to public links, or downloaded in bulk — all without triggering traditional DLP rules. Chat messages can contain customer data, pricing information, screenshots, credentials, and more. And in many cases, none of it is logged, flagged, or correlated with broader user behavior.
Collaboration platforms blur the line between communication and storage. As conversations turn into files, links, and shared artifacts, sensitive data quietly proliferates; copied, cached, and stored across multiple tools long after its original context is gone. Without monitoring these platforms for insider behavior, organizations miss one of the fastest-growing vectors for silent data loss.
Personal Devices and Unmanaged Endpoints
Even in companies that issue corporate laptops, employees still use personal phones, tablets, or home machines to check emails, open Slack threads, or view dashboards. And for contractors or freelancers, unmanaged devices are often the default.
That creates a serious blind spot. Even if your main endpoint protection solution is doing its job, you can’t enforce policy or capture telemetry on personal or BYOD endpoints. If a user downloads sensitive documents to their home desktop or screenshots internal tools on their iPhone, you won’t know. And once that data leaves your visibility layer, it’s gone.
Hybrid work has made this problem worse. Employees are logging in from cafes, co-working spaces, shared home offices, and doing real work on devices you don’t control. Without endpoint visibility, insider risk becomes almost impossible to quantify, let alone contain.
Print, Copy, Screenshot: The Analog Loophole
Security teams spend millions on digital controls, but forget about the oldest data exfiltration tools in the book: printer trays, clipboard copy, and camera rolls.
Yes, people still print sensitive documents. Yes, they still take pictures of their screens. And yes, they still copy and paste information from secure systems into personal files, unmanaged notes, or third-party platforms.
These are analog behaviors in a digital world and most organizations have no answer for them. Traditional DLP can’t detect when someone pulls out their phone. It won’t trigger an alert when someone uses the Snipping Tool or grabs content through Command + C. Yet these actions are incredibly common and often go unnoticed until long after the fact.
Your IRM strategy needs to address the human-device interaction layer. That means visibility into screen-level behavior, clipboard activity, and print logs, especially in roles that handle sensitive data daily.
The Insider Threat That Isn’t Malicious
Here’s a hard truth: most insider incidents aren’t malicious. They’re caused by smart, well-meaning employees who are trying to do their jobs, fast.
They email themselves files to work from home. They upload documents to a personal cloud account so they can collaborate with someone who doesn’t have internal access. They store passwords in plaintext because it’s “just easier.” They take screenshots of a dashboard to paste into a client deck.
These actions don’t come from intent to harm. But they expose sensitive data in ways that traditional policies were never built to handle. And the irony is, if these behaviors become normalized (e.g. if no one gets flagged, warned, or educated) employees start assuming they’re okay.
That’s how risk becomes culture.
Get Ahead of the Risk Before It Becomes Reality
All of these gaps stem from the same root problem: visibility. You can’t address insider risk if you can’t see how data moves, how people interact with it, and what “normal” actually looks like.
In practice, this often shows up quietly, like a former employee whose access lingered just long enough to download a shared drive, or a well-meaning engineer who synced sensitive documents to a personal workspace to work from home.
Effective IRM programs close this gap by establishing behavioral baselines, tracking data lineage, correlating access with real user activity, and surfacing anomalies in context. More importantly, they recognize that insider risk isn’t a static set of alerts. It’s an evolving challenge shaped by how people work, collaborate, and change roles over time.
Organizations that haven’t mapped these gaps aren’t just exposed — they’re operating without a clear picture of their risk.
You don’t need to wait for an incident to start closing them. And you don’t need to do everything at once. Start with visibility. Pick a single data flow, a high-risk role, or one department. Map how data moves, who touches it, and where risk accumulates. From there, insider risk becomes something you can understand and deliberately improve.
The call comes at 2 a.m. It’s your chief financial officer, and the tone of their voice conveys immediate alarm. The organization’s network is locked down, systems are inaccessible, and a ransom demand is flashing across every screen. This scenario is more than a fictional thriller; it reflects the stark reality for business leaders globally grappling with escalating cyber threats. With the average cost of a data breach reaching $4.45 million, the financial and operational stakes are immense. Business continuity and reputation hang in the balance.
This is the nightmare moment every executive fears. It’s a crisis that forces an urgent question: What if your employees were your strongest line of defense rather than your organization’s most vulnerable link? Today, the paradigm of business cybersecurity is shifting—technology remains essential, but the human element is consistently targeted by sophisticated adversaries. Investing in cybersecurity training for employees is no longer just a best practice; it is a strategic imperative for business resilience and sustained competitive advantage.
The Uncomfortable Truth About Your Biggest Vulnerability
Organizations spend billions of dollars each year deploying advanced firewalls, endpoint detection solutions, and cyber risk management software. Security awareness is a common board-level agenda item, and CISOs typically highlight technical countermeasures in executive meetings. Yet, despite massive investments in such security training programs and infrastructure, an uncomfortable truth persists: the majority of cyber incidents involve a human element.
Data Reveals the Human Factor
Industry research shows that approximately 60% of all security breaches result from human error or manipulation. Employees remain susceptible to phishing training shortfalls, poorly understood security policies, and social engineering scams. From clicking on dangerous email attachments to falling victim to business email compromise attacks, employee cyber education gaps play directly into attackers’ hands.
Today’s threat actors aren’t just probing firewalls; they’re engineering targeted attacks to exploit loyal, distracted, or uninformed staff. This reality underscores the renewed urgency of security awareness and employee training, making robust security education and cybersecurity awareness training ROI for executives a critical discussion point at every board meeting.
The Existential Threat to Small and Midsize Businesses
Large enterprises might command headlines, but SMBs are often at greater risk. Attackers identify small and midsize businesses as lower-hanging fruit, perceiving lighter defenses and slimmer budgets. Data shows 78% of SMB leaders worry a significant cyberattack could put them out of business. With so many small business owners and SMB executives seeking an employee security training implementation guide for SMBs, practical, role-based security training implementation is now core to business survival.
This stark reality creates a paradox: The very employees who drive growth and innovation can, without effective cyber resilience training and information security awareness, unwittingly become the weakest link. The gap between technology investment and security education is a vulnerability that businesses cannot continue to ignore.
The Hidden Price Tag of Inaction
Overlooking cybersecurity training for employees comes with mounting and often underestimated consequences. Measuring the effectiveness of your cybersecurity training programs and their KPIs against potential breach costs reveals a staggering disparity between investment and potential loss.
A Spectrum of Costs
Breach response costs vary by what went wrong—but consistently, costs skyrocket when the human element is involved:
But the financial hit is only the beginning.
Reputational Damage and Regulatory Fines
Failing to prioritize security culture or cyber risk management doesn’t just result in financial loss; it damages customer trust and brand reputation, resulting in customer attrition, competitive loss, and negative media exposure. Regulatory failure compounds the pain: frameworks such as GDPR and CCPA can levy multimillion-dollar fines for breaches, especially when security education and compliance evidence is lacking.
The Competitive Disadvantage
Security breaches now differentiate winners from losers in every market segment. Forward-thinking companies that deploy effective cybersecurity training programs and invest in cyber resilience training gain trust from clients, partners, and regulators. In contrast, those ignoring security awareness find themselves at a disadvantage when competitors demonstrate stronger breach prevention training, transparency, and regulatory compliance.
Some organizations, however, have rewritten the script: by treating human error cybersecurity prevention strategies for business as an investment—not an afterthought—they turn employees into organizations’ greatest security assets.
The Great Reversal: Employees as Your Human Firewall
Reframing employees as contributors to a “human firewall” marks a strategic transformation in security posture. It’s about empowering staff with ongoing, relevant employee cyber education that blends technical and behavioral change, ultimately supporting your wider business cybersecurity objectives.
The Staggering ROI of Security Awareness Training
Data shows that investing in cybersecurity training for employees is among the highest-ROI actions a business can take:
When measured using effectiveness KPIs (such as reduced phishing click rates, increased incident reporting, and lower incident response times), employee security training programs’ effectiveness measurement KPIs reveal clear, quantifiable benefits.
Typical Objections and Counter Strategies
The Strategic Crossroads: Decision Point for Today’s Leaders
The current cyber landscape presents a clear strategic choice: Become a proactive leader in security culture or risk reacting to potentially devastating incidents. Competitors who prioritize cybersecurity training for employees and deploy breach prevention training are building a business advantage rooted in customer trust and operational continuity.
Failing to act means not just facing possible regulatory non-compliance and loss of market share but risking the very survival of your organization—particularly true for smaller businesses with slimmer margins for error.
Your Next Chapter: Five Immediate Steps to Bolster Security Awareness
To transition courageously and effectively into a security-first culture, here are five actionable, high-impact steps for business executives, SMB leaders, and CISOs:
Long-Term Vision: Embedding Security into Your Business DNA
Success is not measured solely by technology, but by the organization’s collective ability to recognize, resist, and recover from evolving threats. By investing in business cybersecurity and integrating employee security training as a core business strategy, you earn customer trust, regulatory goodwill, and a sustained market advantage.
Security is not a one-time investment, but an ongoing commitment. The sooner you begin, the greater the benefits; financially, culturally, and competitively.
Final Inspiration: From Vulnerability to Strength
The journey to cyber resilience begins with the recognition that your people are both your greatest risk and your greatest shield. With the right cybersecurity training for employees, the so-called weakest link becomes your most robust human firewall. Whether you lead a global enterprise or a local SMB, now is the time to invest in security awareness, transform your workforce, and secure your organization’s future.
Take action today, because the organizations that move first gain a lasting advantage.
In this special edition, Tenable leaders forecast key 2026 trends, including: AI will make attacks more plentiful and less costly; machine identities will become the top cloud risk; preemptive cloud and exposure management will dethrone runtime detection; and automated remediation gets the go-ahead.
1 – AI won’t spawn new attack vectors in 2026
Is artificial intelligence (AI) about to unleash a wave of never-before-seen cyber attacks? Not quite. While the hype machine might suggest otherwise, the reality for 2026 is grounded in a familiar truth: most bad actors are opportunists looking for low-hanging fruit. They don’t want to reinvent the wheel. Rather, they’re looking for easy wins that yield big gains with minimal effort.
“AI is not a magic wand; it supercharges traditional attack methods,” Tenable Chief Product Officer Eric Doerr says. “It will drive down the cost of attack generation and increase the volume, and it might even find a new zero day or two, but it’s not finding novel attack techniques.”
In response, cyber teams should double down on foundational cybersecurity practices to combat these high-volume, AI-enhanced threats.
As Doerr explains: “At the end of the day, cybersecurity is a numbers game and AI broadens attackers’ canvas. Basic cyber hygiene remains the best defense.”
Prediction: In 2026, as attackers increase their use of AI, cyber attacks will grow in number and become less expensive to launch. However, attackers won’t leverage AI to create new attack vectors.
2 – Automatic remediation will get the green light
For years, the idea of letting a machine automatically fix a security issue has been considered verboten. But in 2026, can we afford to keep “automatic” on the forbidden list? The expanding attack surface and the velocity of threats are forcing a reevaluation of this well-established no-no.
“Automatic remediation, mobilization, and mitigation are no longer forbidden,” Tenable Chief Security Officer Robert Huber says.
Embracing automation not just for detection, but for the actual fixing of problems, represents a major cultural change in cybersecurity, moving trust from human hands to automated systems.
“For years, teams have been hesitant to automatically remediate, but I believe that to keep pace with the threat and expansion of the attack surface, teams will start to defy that long-held belief that automatic is forbidden,” he adds.
Prediction: In 2026, teams will rethink the tenet that automatic remediation is too risky to implement, as manual remediation proves unsustainable for most organizations that want to stay ahead of the curve and manage their cyber risk effectively without overwhelming their security pros.
3 – Cloud security focus shifts from runtime detection to prevention-first strategies
Is the industry finally moving past the idea that runtime detection is a silver bullet? We think so. Heading into 2026, security leaders are increasingly recognizing that many cloud breaches begin well before runtime, and will look to build a resilient defense via a broader, preemptive approach.
“The 2025 hype that runtime detection is the only thing that matters and could replace posture or identity analysis will fade in 2026,” says Liat Hayun, Tenable Senior Vice President of Product Management and Research.
“Runtime-only tools miss most attack paths because identity abuse and misconfigurations occur long before anything reaches runtime. Runtime will remain important, but it won’t replace CNAPP or exposure management – it’ll be another data source inside a broader prevention-first approach,” she adds.
Prediction: The narrative that runtime detection can supersede identity and posture analysis will rapidly lose steam in 2026. Instead, runtime tools will function as a complementary data input, reinforcing a security architecture that is anchored on a CNAPP and an exposure management platform and that preemptively identifies and mitigates risks.
4 – Acceleration becomes the single biggest threat to your organization
Can your security team move faster than a lightning-quick AI-driven attack? In 2026, attack speed will become the greatest challenge for cyber defenders. As attackers leverage automation to compress the attack lifecycle, the window for effective response shrinks.
“The who, what, how, and why of an attack don’t matter because AI-fueled attacks start and end before a ticket is even created,” Doerr says.
That’s why organizations must make it a priority to quickly set up preemptive security programs. Otherwise, they leave themselves exposed to cyber risks that traditional, reactive methods simply can’t mitigate. “Proactive defense makes speed obsolete,” he says.
Prediction: In 2026, AI-fueled acceleration will become adversaries’ primary weapon, rendering reactive security measures ineffective. In response, cyber teams must shift to proactive cyber prevention, which eliminates exposures before they can be exploited, neutralizing the speed advantage that AI provides to cyber criminals.
5 – CISOs will embrace AI security tools built in-house
As we move past the novelty phase of generative AI, 2026 will mark a shift toward the utility of agentic AI, and with it a growing appreciation for custom-made AI security tools tailored for an organization’s specific needs.
Complementing off-the-shelf AI products with tools built in-house will allow for more precise, effective security workflows and processes that can lessen the burden on overworked cyber pros.
“When implemented and designed with care, custom-made AI tools will transform security operations and alleviate pain points that lead to burnout,” Huber says.
Prediction: In 2026, rather than relying solely on commercial AI security tools, CISOs will direct their teams to build their own AI wares tailored to their organization’s unique challenges. These customized AI tools will, in turn, sharpen their cybersecurity programs and lighten the workload on their staff.
6 – Non-human identities will become the top cloud breach vector
Machine identities now outnumber human users by many orders of magnitude. This explosion of non-human identities (NHIs) is creating a massive, stealthy attack surface. In 2026, these billions of service accounts, keys, and tokens are set to become the primary vector for cloud breaches.
“The core problem is no longer misconfigs or missing patches. It’ll be billions of unseen, over-permissioned machine identities that attackers – or autonomous agentic AI – will leverage for silent, undetectable lateral movement,” Hayun says.
“CISOs will be forced to pivot massive spending toward permissions governance and large-scale cleanup as machine-identity sprawl has rendered cloud environments truly unmanageable,” she adds.
Prediction: NHIs will decisively become the number one cloud breach vector in 2026, a trend driven by myriad machine identities with excessive privileges. As a result, CISOs will need to prioritize getting this vast landscape of machine identities under control by strengthening identity and access management (IAM) governance and execution.
MailStore V25.2
MailStore presents a new version of our email archiving software:
Version 25.2 of MailStore Server, MailStore Service Provider Edition (SPE) and MailStore Gateway is now available!
Key Features:
MailStore Supports OAuth Authentication for Outlook.com
The MailStore archive profile for Outlook.com, including all email domains, now finally supports OAuth authentication. This makes login problems a thing of the past.
Email Archiving for NoSpamProxy Users
With MailStore version 25.2, NoSpamProxy users can archive e-mails. NoSpamProxy is configured via a connector so that emails are sent to the MailStore Gateway.
More improvements
In version 25.2 of MailStore, some third-party components have been updated to increase the security of our software. Other minor improvements and bug fixes can be found in our changelog.
Up-to-date certifications
Like other new versions, Version 25.2 is, of course, certified according to IDW PS 880 (DACH region only) and the EU GDPR.